SEVERITY

CRITICAL

// ADVISORY DATE

20 MAR 2012

DESCRIPTION

This security update addresses two privately reported vulnerabilities in the Remote Desktop Protocol, which may result to code execution if an attacker sends specially crafted rdp packets to an affected system. The Remote Desktop Protocol (RDP) is not defaultly enabled on Windows Operating system, thus those systems with unabled RDP are not affected.

There are reports indicating the emergence of proof of concept code in the wild. Trend Micro is able to provide solutions against PoC code related to this vulnerability.